Syntax Description

(Optional) Module and port number; see the "Usage Guidelines" section for valid values.

nullinterface-number

(Optional) Specifies the null interface; the valid value is 0.

port-channelnumber

(Optional) Specifies the channel interface; valid values are a maximum of 64 values ranging from 1 to 256.

vlanvlan-id

(Optional) Specifies the VLAN; valid values are from 1 to 4094.

detail

(Optional) Displays the information about the protocol detail and timer.

internal

(Optional) Displays the information about the internal data structure.

summary

(Optional) Displays a summary of CEF-adjacency information.

Defaults

This command has no default settings.

Command Modes

EXEC

Command History

Release

Modification

12.2(25)EW

Extended to include the 10-Gigabit Ethernet interface.

Usage Guidelines

The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module that are used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the module number are from 1 to 13, and valid values for the port number are from 1 to 48.

Syntax Description

interfaceinterface

Displays all of the Auth Manager details associated with the specified interface.

registrations

Displays details of all methods registered with the Auth Manager.

sessions

Displays details of the current Auth Manager sessions (for example, client devices). If you do not enter any optional specifiers, all current active sessions are displayed. You can enter the specifiers singly or in combination to display a specific session (or group of sessions).

session-id session-id

(Optional) Specifies an Auth Manager session.

handlehandle

(Optional) Specifies the particular handle for which Auth Manager information is displayed. Range is 1 to 4294967295.

(Optional) Displays all clients authorized by a specified authentication method. Valid values are as follows:

•dot1x

•mab

•webauth

interfaceinterfacedetails

(Optional) Displays detailed information.

interfaceinterfacepolicy]

(Optional) Displays policies applied on the interface.

Command Default

This command has no default settings.

Command Modes

EXEC

Command History

Release

Modification

12.2(50)SG

This command was introduced.

Usage Guidelines

Table 2-19 describes the significant fields shown in the show authentication display.

Note The possible values for the status of sessions are given below. For a session in terminal state, "Authz Success" or "Authz Failed" are displayed. "No methods" is displayed if no method has provided a result.

Table 2-19 show authentication Command Output

Field

Description

Idle

The session has been initialized and no methods have run yet.

Running

A method is running for this session.

No methods

No method has provided a result for this session.

Authc Success

A method has resulted in authentication success for this session.

Authc Failed

A method has resulted in authentication fail for this session.

Authz Success

All features have been successfully applied for this session.

Authz Failed

A feature has failed to be applied for this session.

Table 2-20 lists the possible values for the state of methods. For a session in terminal state, "Authc Success," "Authc Failed," or "Failed over" are displayed (the latter indicates a method ran and failed over to the next method which did not provide a result. "Not run" is displayed in the case of sessions that are synchronized on standby.

Table 2-20 State Method Values

Method State

State Level

Description

Not run

Terminal

The method has not run for this session.

Running

Intermediate

The method is running for this session.

Failed over

Terminal

The method has failed and the next method is expected to provide a result.

Authc Success

Terminal

The method has provided a successful authentication result for the session.

Authc Failed

Terminal

The method has provided a failed authentication result for the session.

Examples

The following example shows how to display authentication methods registered with Auth Manager:

Switch# show authentication registrations

Auth Methods registered with the Auth Manager:

Handle Priority Name

3 0 dot1x

2 1 mab

1 2 webauth

Switch#

The following example shows how to display Auth Manager details for a specific interface:

Switch# show authentication interface gigabitethernet1/23

Client list:

MAC Address Domain Status Handle Interface

000e.84af.59bd DATA Authz Success 0xE0000000 GigabitEthernet1/0/23

Available methods list:

Handle Priority Name

3 0 dot1x

Runnable methods list:

Handle Priority Name

3 0 dot1x

Switch#

The following example shows how to display all Auth Manager sessions on the switch:

Switch# show authentication sessions

Interface MAC Address Method Domain Status Session ID

Gi3/45 (unknown) N/A DATA Authz Failed 0908140400000007003651EC

Gi3/46 (unknown) N/A DATA Authz Success 09081404000000080057C274

The following example shows how to display all Auth Manager sessions on an interface:

Switch# show authentication sessions int gi 3/46

Interface: GigabitEthernet3/46

MAC Address: Unknown

IP Address: Unknown

Status: Authz Success

Domain: DATA

Oper host mode: multi-host

Oper control dir: both

Authorized By: Guest Vlan

Vlan Policy: 4094

Session timeout: N/A

Idle timeout: N/A

Common Session ID: 09081404000000080057C274

Acct Session ID: 0x0000000A

Handle: 0xCC000008

Runnable methods list:

Method State

dot1x Failed over

The following example shows how to display Auth Manager session for a specified MAC address:

Switch# show authentication sessions mac 000e.84af.59bd

Interface: GigabitEthernet1/23

MAC Address: 000e.84af.59bd

Status: Authz Success

Domain: DATA

Oper host mode: single-host

Authorized By: Authentication Server

Vlan Policy: 10

Handle: 0xE0000000

Runnable methods list:

Method State

dot1x Authc Success

Switch#

The following example shows how to display all clients authorized via a specified auth method:

Switch# show authentication sessions method mab

No Auth Manager contexts match supplied criteria

Switch# show authentication sessions method dot1x

MAC Address Domain Status Handle Interface

000e.84af.59bd DATA Authz Success 0xE0000000 GigabitEthernet1/23

Switch#

The following example displays the policies applied on interface e0/0:

AUTH# show authentication sessions interface e0/0 policy

Interface: Ethernet0/0

MAC Address: aabb.cc01.ff00

IPv6 Address: Unknown

IPv4 Address: Unknown

User-Name: gupn

Status: Authorized

Domain: DATA

Security Policy: Should Secure

Security Status: Unsecure

Oper host mode: multi-host

Oper control dir: both

Session timeout: N/A

Common Session ID: 0D0102330000000D0003329A

Acct Session ID: Unknown

Handle: 0x6F000002

Current Policy: POLICY_Et0/0

Local Policies:

Template: SVC_1 (priority 10)

Idle timeout: 500 sec

TAG: blue

URL Redirect: www.a.com

URL Redirect ACL: a

Template: SVC_3 (priority 20)

Idle timeout: 300 sec

TAG: red

URL_Redirect: www.b.com

URL-Redirect ACL: b

Server Policies:

Idle timeout: 800 sec

Resultant policies:

Idle timeout: 500 sec

TAG: blue

URL Redirect: www.a.com

URL Redirect ACL: a

TAG: red

Method status list:

Method State

dot1x Authc Success

Related Commands

Command

Description

authentication control-direction

Changes the port control to unidirectional or bidirectional.

authentication critical recovery delay

Configures the 802.1X critical authentication parameters.

authentication event

Configures the actions for authentication events.

authentication fallback

Enables the Webauth fallback and specifies the fallback profile to use when failing over to Webauth.

authentication host-mode

Defines the classification of a session that will be used to apply the access-policies using the host-mode configuration.

authentication open

Enables open access on this port.

authentication order

Specifies the order in which authentication methods should be attempted for a client on an interface.

authentication periodic

Enables reauthentication for this port.

authentication port-control

Configures the port-control value.

authentication priority

Specifies the priority of authentication methods on an interface.

authentication timer

Configures the authentication timer.

authentication violation

Specifies the action to be taken when a security violation exists on a port.

show auto install status

To display the status of an automatic installation, use the show auto install status command.

show auto install status

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC mode

Command History

Release

Modification

12.2(20)EW

Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to display the IP address of the TFTP server and to display whether or not the switch is currently acquiring the configuration file on the TFTP server:

Switch# show auto install status

Status : Downloading config file

DHCP Server : 20.0.0.1

TFTP Server : 30.0.0.3

Config File Fetched : Undetermined

The first IP address in the display indicates the server that is used for the automatic installation. The second IP address indicates the TFTP server that provided the configuration file.

show auto qos

To display the automatic quality of service (auto-QoS) configuration that is applied, use the show auto qos user EXEC command.

show cdp neighbors

To display detailed information about the neighboring devices that are discovered through CDP, use the show cdp neighbors command.

showcdpneighbors [typenumber] [detail]

Syntax Description

type

(Optional) Interface type that is connected to the neighbors about which you want information; possible valid values areethernet, fastethernet, gigabitethernet, tengigabitethernet, port-channel, and vlan.

number

(Optional) Interface number that is connected to the neighbors about which you want information.

Defaults

Command Modes

Command History

Support for this command was introduced on the Catalyst 4500 series switch.

12.1(19)EW

Display enhanced to show the guest-VLAN value.

12.2(25)EW

Support for the 10-Gigabit Ethernet interface was introduced on the Catalyst 4500 series switch.

12.2(25)EWA

Support for currently assigned reauthentication timer (if the timer is configured to honor the Session-Timeout value) was added.

12.2(31)SG

Support for port direction control and critical recovery was added.

Usage Guidelines

If you do not specify an interface, the global parameters and a summary are displayed. If you specify an interface, the details for that interface are displayed.

If you enter thestatisticskeyword without theinterface option, the statistics are displayed for all interfaces. If you enter thestatisticskeyword with theinterface option, the statistics are displayed for the specified interface.

Expressions are case sensitive. For example, if you enterexcludeoutput, the lines that contain output are not displayed, but the lines that contain Output are displayed.

Theshowdot1xcommand displays the currently assigned reauthentication timer and time remaining before reauthentication, if reauthentication is enabled.

Examples

This example shows how to display the output from theshowdot1xcommand:

Switch# show dot1x

Sysauthcontrol = Disabled

Dot1x Protocol Version = 2

Dot1x Oper Controlled Directions = Both

Dot1x Admin Controlled Directions = Both

Critical Recovery Delay = 500

Critical EAP = Enabled

Switch#

This example shows how to display the 802.1X statistics for a specific port:

Switch# show dot1x interface fastethernet6/1

Dot1x Info for FastEthernet6/1

-----------------------------------

PAE = AUTHENTICATOR

PortControl = AUTO

ControlDirection = Both

HostMode = MULTI_DOMAIN

ReAuthentication = Disabled

QuietPeriod = 60

ServerTimeout = 30

SuppTimeout = 30

ReAuthPeriod = 3600 (Locally configured)

ReAuthMax = 2

MaxReq = 2

TxPeriod = 30

RateLimitPeriod = 0

Dot1x Authenticator Client List

-------------------------------

Domain = DATA

Supplicant = 0000.0000.ab01

Auth SM State = AUTHENTICATED

Auth BEND SM Stat = IDLE

Port Status = AUTHORIZED

Authentication Method = Dot1x

Authorized By = Authentication Server

Vlan Policy = 12

Domain = VOICE

Supplicant = 0060.b057.4687

Auth SM State = AUTHENTICATED

Auth BEND SM Stat = IDLE

Port Status = AUTHORIZED

Authentication Method = Dot1x

Authorized By = Authentication Server

Switch#

Note Table 2-24 provides a partial list of the displayed fields. The remaining fields in the display show internal state information. For a detailed description of these state machines and their settings, refer to the 802.1X specification.

Table 2-24 show dot1x interface Field Description

Field

Description

PortStatus

Status of the port (authorized or unauthorized). The status of a port is displayed as authorized if thedot1xport-controlinterface configuration command is set to auto and has successfully completed authentication.

Syntax Description

(Optional) Number of the channel group; valid values are from 1 to 64.

port-channel

Displays port-channel information.

brief

Displays a summary of EtherChannel information.

detail

Displays detailed EtherChannel information.

summary

Displays a one-line summary per channel group.

port

Displays EtherChannel port information.

load-balance

Displays load-balance information.

protocol

Displays the enabled protocol.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC mode

Command History

Release

Modification

12.1(8a)EW

Support for this command was introduced on the Catalyst 4500 series switch.

12.1(13)EW

Support for LACP was added to this command.

Usage Guidelines

If you do not specify a channel group, all channel groups are displayed.

In the output below, the Passive port list field is displayed for Layer 3 port channels only. This field means that the physical interface, which is still not up, is configured to be in the channel group (and indirectly is in the only port channel in the channel group).

Examples

This example shows how to display port-channel information for a specific group:

Switch# show etherchannel 1 port-channel

Port-channels in the group:

----------------------

Port-channel: Po1

------------

Age of the Port-channel = 02h:35m:26s

Logical slot/port = 10/1 Number of ports in agport = 0

GC = 0x00000000 HotStandBy port = null

Passive port list = Fa5/4 Fa5/5

Port state = Port-channel L3-Ag Ag-Not-Inuse

Ports in the Port-channel:

Index Load Port

-------------------

Switch#

This example shows how to display load-balancing information:

Switch# show etherchannel load-balance

Source XOR Destination mac address

Switch#

This example shows how to display a summary of information for a specific group:

Switch# show etherchannel 1 brief

Group state = L3

Ports: 2 Maxports = 8

port-channels: 1 Max port-channels = 1

Switch#

This example shows how to display detailed information for a specific group:

Related Commands

show flowcontrol

To display the per-interface status and statistics related to flow control, use the show flowcontrol command.

show flowcontrol [moduleslot | interfaceinterface]

Syntax Description

moduleslot

(Optional) Limits the display to interfaces on a specific module.

interface interface

(Optional) Displays the status on a specific interface.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC mode

Command History

Release

Modification

12.1(8a)EW

Support for this command was introduced on the Catalyst 4500 series switch.

12.2(25)EW

Support for the 10-Gigabit Ethernet interface was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Table 2-26 describes the fields in the showflowcontrol command output.

Table 2-26 show flowcontrol Command Output

Field

Description

Port

Module and port number.

Send-Flowcontrol-Admin

Flow-control administration. Possible settings: on indicates the local port sends flow control to the far end; off indicates the local port does not send flow control to the far end; desired indicates the local end sends flow control to the far end if the far end supports it.

Send-Flowcontrol-Oper

Flow-control operation. Possible setting: disagree indicates the two ports could not agree on a link protocol.

Receive-Flowcontrol-Admin

Flow-control administration. Possible settings: on indicates the local port requires the far end to send flow control; off indicates the local port does not allow the far end to send flow control; desired indicates the local end allows the far end to send flow control.

Receive-Flowcontrol-Oper

Flow-control operation. Possible setting: disagree indicates the two ports could not agree on a link protocol.

RxPause

Number of pause frames received.

TxPause

Number of pause frames transmitted.

Examples

This example shows how to display the flow control status on all the Gigabit Ethernet interfaces:

Switch# showflowcontrol

Port Send FlowControl Receive FlowControl RxPause TxPause

admin oper admin oper

--------- -------- -------- -------- -------- ------- -------

Te1/1 off off on off 0 0

Te1/2 off off on off 0 0

Gi1/3 off off desired on 0 0

Gi1/4 off off desired on 0 0

Gi1/5 off off desired on 0 0

Gi1/6 off off desired on 0 0

Gi3/1 off off desired off 0 0

Gi3/2 off off desired off 0 0

Gi3/3 off off desired off 0 0

Gi3/4 off off desired off 0 0

Gi3/5 off off desired off 0 0

Gi3/6 off off desired off 0 0

Switch#

This example shows how to display the flow control status on module 1:

Switch# showflowcontrolmodule1

Port Send FlowControl Receive FlowControl RxPause TxPause

admin oper admin oper

----- -------- -------- -------- -------- ------- -------

Gi1/1 desired off off off 0 0

Gi1/2 on disagree on on 0 0

Switch#

This example shows how to display the flow control status on Gigabit Ethernet interface 3/4:

Switch# showflowcontrolinterfacegigabitethernet3/4

Port Send FlowControl Receive FlowControl RxPause TxPause

admin oper admin oper

----- -------- -------- -------- -------- ------- -------

Gi3/4 off off on on 0 0

Switch#

This example shows how to display the flow control status on 10-Gigabit Ethernet interface 1/1:

Related Commands

Displays the interface status or a list of interfaces in error-disabled state.

show hw-module port-group

To display how the X2 holes on a module are grouped, use theshowhw-module port-group command.

showhw-modulemodulenumberport-group

Syntax Description

module

Specifies a line module.

number

Specifies a slot or module number.

port-group

Specifies a port-group on a switch.

Defaults

X2 mode.

Command Modes

Global configuration mode

Command History

Release

Modification

12.2(40)SG

Support for WS-X4606-10GE-E Twin Gigabit converter introduced.

Usage Guidelines

When a TwinGig converter is enabled or disabled, the number and type of ports on the line card change dynamically. The terminology must reflect this behavior. In Cisco IOS, 10-Gigabit ports are named TenGigabit and 1-Gigabit ports are named Gigabit. Starting with Cisco IOS Release 12.2(40)SG, to avoid having ports named TenGigabit1/1 and Gigabit1/1, the 10-Gigabit and 1-Gigabit port numbers are independent. The WS-X4606-10GE-E module with six X2 ports are named TenGigabit<slot-num>/<1-6>, and the SFP ports are named Gigabit<slot-num>/<7-18>.

In the Supervisor Engine 6-E and Catalyst 4900M chassis, the ports are connected to the switching engine through a stub ASIC. This stub ASIC imposes some limitations on the ports: Gigabit and 10-Gigabit ports cannot be mixed on a single stub ASIC; they must either be all 10-Gigabit (X2), or all Gigabit (TwinGig converter and SFP). The faceplates of X2 modules show this stub-port grouping, either with an actual physical grouping, or a box drawn around a grouping.

Examples

This example shows to determine how the X2 holes on a module are grouped on a WS-X4606-10GE-E:

Defaults

Command Modes

Command History

Support for this command was introduced on the Catalyst 4500 series switch.

12.1(12c)EW

Support for extended VLAN addresses was added.

12.2(25)EW

Support for the 10-Gigabit Ethernet interface was introduced on the Catalyst 4500 series switch.

12.2(31)SGA

Support for auto-MDIX reflected in command output.

12.2(52)SG

Added support for per-VLAN error-disable detection.

Usage Guidelines

The statistics are collected per VLAN for Layer 2 switched packets and Layer 3 switched packets. The statistics are available for both unicast and multicast. The Layer 3 switched packet counts are available for both the ingress and egress directions. The per-VLAN statistics are updated every 5 seconds.

If you do not enter any keywords, all counters for all modules are displayed.

Line cards that support auto-MDIX configuration on their copper media ports include: WS-X4124-RJ45, WS-X4148-RJ with hardware revision 3.0 or later, and WS-X4232-GB-RJ with hardware revision 3.0 or later.

Examples

This example shows how to display traffic for Gigabit Ethernet interface 2/5:

Switch# show interfaces gigabitethernet2/5

GigabitEthernet9/5 is up, line protocol is up (connected) (vlan-err-dis)

This example shows how to verify the status of auto-MDIX on an RJ-45 port:

Note You can verify the configuration setting and the operational state of auto-MDIX on the interface by entering the show interfaces EXEC command. This field is applicable and appears only on the show interfaces command output for 10/100/1000BaseT RJ-45 copper ports on supported linecards including WS-X4124-RJ45, WS-X4148-RJ with hardware revision 3.0 or later, and WS-X4232-GB-RJ with hardware revision 3.0 or later.

This example shows how to display status information for Gigabit Ethernet interface 1/2:

Switch# show interfaces gigabitethernet1/2 status

Port Name Status Vlan Duplex Speed Type

Gi1/2 notconnect 1 auto 1000 1000-XWDM-RXONLY

Switch#

This example shows how to display status information for the interfaces on the supervisor engine:

Switch# show interfaces status

Port Name Status Vlan Duplex Speed Type

Te1/1 connected 1 full 10G 10GBase-LR

Te1/2 connected 1 full 10G 10GBase-LR

Switch#

show interfaces (virtual switch)

To display traffic that is seen by a specific interface, use the show interfaces command in EXEC mode.

show interfaces [interfaceiswitch-num/mod/port]

Syntax Description

interface

(Optional) Specifies interface type

switch-num

Specifies port number.

/mod

Specifies module number

/port

Specifies port number

Defaults

This command has no defaults settings.

Command Modes

Privileged EXEC mode

Command History

Release

Modification

Cisco IOS XE 3.4.0SG and 15.1(2)SG

Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Statistics are collected on a per-VLAN basis for Layer 2-switched packets and Layer 3-switched packets. Statistics are available for both unicast and multicast traffic. The Layer 3-switched packet counts are available for both ingress and egress directions. The per-VLAN statistics are updated every 5 seconds.

In some cases, you might see a difference in the duplex mode that is displayed between the show interfaces (virtual switch) command and the show running-config switch (virtual switch) command. In this case, the duplex mode that is displayed in the show interfaces (virtual switch) command is the actual duplex mode that the interface is running. The show interfaces (virtual switch) command shows the operating mode for an interface, while the show running-config switch (virtual switch) command shows the configured mode for an interface.

If you do not specify an interface, the information for all interfaces is displayed.

The output of the show interfaces GigabitEthernet command displays an extra 4 bytes for every packet that is sent or received. The extra 4 bytes are the Ethernet frame CRC in the input and output byte statistics.

Examples

The following example shows how to display traffic for a specific interface:

(Optional) Displays information about the current status of the enabled protocols.

storm-control

(Optional) Displays the discard count and the level settings for each mode.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC mode

Command History

Release

Modification

Cisco IOS XE 3.4.0SG and 15.1(2)SG

Support for this command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

The show interfaces counters command displays the number of all of the packets arriving and includes the number of packets that may be dropped by the interface due to the storm-control settings. To display the total number of dropped packets, you can enter the show interfaces counters storm-control command.

The show interfaces counters storm-control command displays the discard count and the level settings for each mode. The discard count is a total of all three modes.

If you do not enter any keywords, all counters for all modules are displayed.

If you do not specify an interface, the information for all interfaces is displayed.

When you enter the show interfaces interface counters etherchannel command, follow these guidelines:

•If interface specifies a physical port, the command displays the message "Etherchannel not enabled on this interface."

•If interface is omitted, the command displays the counters for all port channels (in the system) and for their associated physical ports.

•If interface specifies a port channel, the command displays the counters for the port channel and all of the physical ports that are associated with it. In addition, when you enter the command specifying the primary aggregator in a Link Aggregation Control Protocol (LACP) port channel with multiple aggregators, the output includes the statistics for all of the aggregators in the port channels and for the ports that are associated with them.

Examples

The following example shows how to display the error counters for a specific:

Router# show interfaces gigabitethernet 2/4/47 counters errors

Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize OutDiscards

Gi2/4/47 0 0 0 0 0 0

Port Single-Col Multi-Col Late-Col Excess-Col Carri-Sen Runts s

Gi2/4/47 0 0 0 0 0 0 0

Port SQETest-Err Deferred-Tx IntMacTx-Err IntMacRx-Err Symbol-Err

Gi2/4/47 0 0 0 0 0

Router#

The following example shows how to display traffic that is seen by a specific interface:

Router# show interfaces gigabitethernet 1/2/5 counters

Port InOctets InUcastPkts InMcastPkts InBcastPkts

Gi1/2/5 0 0 0 0

Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts

Gi1/2/5 0 0 0 0

Router#

The following example shows how to display the counters for all port channels (in the system) and their associated physical ports:

Router# show interfaces counters etherchannel

Port InOctets InUcastPkts InMcastPkts InBcastPkts

Po1 0 0 0 0

Po3 0 0 0 0

Po10 16341138343 77612803 12212915 14110863

Gi1/4/1 15628478622 77612818 7525970 14110865

Gi1/4/2 712662881 0 4686951 5

Po20 33887345029 88483183 11506653 14101212

Gi2/4/1 33326378013 88491521 7177393 14101663

Gi2/4/2 562904837 0 4330030 6

Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts

Po1 0 0 0 0

Po3 0 0 0 0

Po10 33889238079 14101204 99999327 0

Gi1/4/1 33326354634 14101205 95669326 0

Gi1/4/2 562904707 7 4330029 0

Po20 16338422056 14353951 89573339 0

Gi2/4/1 15628501864 14232410 85017290 0

Gi2/4/2 712663011 121541 4565416 0

Router#

The following example shows how to display the counters for all port channels (in the system) and their associated physical ports in Cisco IOS Release 12.2(50)SY and later releases:

Router# show interfaces counters etherchannel

Port InOctets InUcastPkts InMcastPkts InBcastPkts

Po1 0 0 0 0

Po3 0 0 0 0

Po10 16341138343 77612803 12212915 14110863

Gi1/4/1 15628478622 77612818 7525970 14110865

Gi1/4/2 712662881 0 4686951 5

Po20 33887345029 88483183 11506653 14101212

Gi2/4/1 33326378013 88491521 7177393 14101663

Gi2/4/2 562904837 0 4330030 6

Router#

The following example shows how to display the protocols enabled for a specific interface:

Syntax Description

int_name

(Optional) Interface name.

detail

(Optional) Displays the calibrated values and the A2D readouts if the readout values differ from the calibrated values. Also displays the high-alarm, high-warning, low-warning, and low-alarm thresholds.

modulemod

(Optional) Limits the display to interfaces on a specific module.

Defaults

The noninterface-specific versions of the show interfaces transceiver command are enabled by default.

The interface-specific versions of these commands are enabled by default if the specified interface has a transceiver (GBIC or SFP) that is configured for diagnostic monitoring, and the transceiver is in a module that supports diagnostic monitoring.

Command Modes

Privileged EXEC mode

Command History

Release

Modification

12.1(20)EW

Support for this command was introduced on the Catalyst 4500 series switch.

12.2(18)EW

Support for the calibration keyword was withdrawn.

Usage Guidelines

The show interfaces transceivercommandprovides useful information under the following conditions:

•At least one transceiver is installed on a chassis that is configured for diagnostic monitoring.

•The transceiver is in a module that supports diagnostic monitoring.

If you notice that the alarm and warning flags have been set on a transceiver, reenter the command to confirm.

Examples

This example shows how to display diagnostic monitoring data for all interfaces with transceivers installed on the switch:

Switch# show interfaces transceiver

If device is externally calibrated, only calibrated values are printed.

++ : high alarm, + : high warning, - : low warning, -- : low alarm.

NA or N/A: not applicable, Tx: transmit, Rx: receive.

mA: milliamperes, dBm: decibels (milliwatts).

Optical Optical

Temperature Voltage Current Tx Power Rx Power

Port (Celsius) (Volts) (mA) (dBm) (dBm)

------- ----------- ------- -------- -------- --------

Gi1/1 48.1 3.30 0.0 8.1 ++ N/A

Gi1/2 33.0 3.30 1.8 -10.0 -36.9

Gi2/1 43.7 5.03 50.6 + -16.7 -- N/A

Gi2/2 39.2 5.02 25.7 0.8 N/A

Switch#

Note The value for the Optical Tx Power (in dBm) equals ten times log (Tx Power in mW). If the Tx Power value is 3 mW, then the Optical Tx Power value equals 10 * log (3), which equals 10 * .477 or 4.77 dBm. The Optical Rx Power value behaves similarly. If the Tx Power or the Rx Power is zero, then its dBm value is undefined and is shown as N/A (not applicable).

This example shows how to display detailed diagnostic monitoring data, including calibrated values, alarm and warning thresholds, A2D readouts, and alarm and warning flags. The A2D readouts are reported separately in parentheses only if they differ from the calibrated values:

Syntax Description

(Optional) Displays statistics for the following types of packets that have been processed by this feature: forwarded, dropped, MAC validation failure, and IP validation failure.

vlan vlan-range

(Optional) When used with the statistics keyword, displays the statistics for the selected range of VLANs. Without the statistics keyword, displays the configuration and operating state of DAI for the selected range of VLANs.

interfacesinterface-name

(Optional) Displays the trust state and the rate limit of ARP packets for the provided interface. When the interface name is not specified, the command displays the trust state and rate limit for all applicable interfaces in the system.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC mode

Command History

Release

Modification

12.1(19)EW

Support for this command was introduced on the Catalyst 4500 series switch.

Examples

This example shows how to display the statistics of packets that have been processed by DAI for VLAN 3:

Switch# show ip arp inspection statistics vlan 3

Vlan Forwarded Dropped DHCP Drops ACL Drops

---- --------- ------- ---------- ----------

3 31753 102407 102407 0

Vlan DHCP Permits ACL Permits Source MAC Failures

---- ------------ ----------- -------------------

3 31753 0 0

Vlan Dest MAC Failures IP Validation Failures

---- ----------------- ----------------------

3 0 0

Switch#

This example shows how to display the statistics of packets that have been processed by DAI for all active VLANs:

Switch# show ip arp inspection statistics

Vlan Forwarded Dropped DHCP Drops ACL Drops

---- --------- ------- ---------- ----------

1 0 0 0 0

2 0 0 0 0

3 68322 220356 220356 0

4 0 0 0 0

100 0 0 0 0

101 0 0 0 0

1006 0 0 0 0

1007 0 0 0 0

Vlan DHCP Permits ACL Permits Source MAC Failures

---- ------------ ----------- -------------------

1 0 0 0

2 0 0 0

3 68322 0 0

4 0 0 0

100 0 0 0

101 0 0 0

1006 0 0 0

1007 0 0 0

Vlan Dest MAC Failures IP Validation Failures

---- ----------------- ----------------------

1 0 0

2 0 0

3 0 0

4 0 0

100 0 0

101 0 0

1006 0 0

1007 0 0

Switch#

This example shows how to display the configuration and operating state of DAI for VLAN 1:

Switch# show ip arp inspection vlan 1

Source Mac Validation : Disabled

Destination Mac Validation : Disabled

IP Address Validation : Disabled

Vlan Configuration Operation ACL Match Static ACL

---- ------------- --------- --------- ----------

1 Enabled Active

Vlan ACL Logging DHCP Logging

---- ----------- ------------

1 Deny Deny

Switch#

This example shows how to display the trust state of Fast Ethernet interface 6/1:

Switch# show ip arp inspection interfaces fastEthernet 6/1

Interface Trust State Rate (pps) Burst Interval

--------------- ----------- ---------- --------------

Fa6/1 Untrusted 20 5

Switch#

This example shows how to display the trust state of the interfaces on the switch:

show ip interface

To display the usability status of interfaces that are configured for IP, use theshowipinterface command.

showipinterface [typenumber]

Syntax Description

type

(Optional) Interface type.

number

(Optional) Interface number.

Defaults

This command has no default settings.

Command Modes

EXEC

Command History

Release

Modification

12.2(25)EW

Extended to include the 10-Gigabit Ethernet interface.

Usage Guidelines

The Cisco IOS software automatically enters a directly connected route in the routing table if the interface is usable. A usable interface is one through which the software can send and receive packets. If the software determines that an interface is not usable, it removes the directly connected routing entry from the routing table. Removing the entry allows the software to use dynamic routing protocols to determine backup routes to the network, if any.

If the interface can provide two-way communication, the line protocol is marked "up." If the interface hardware is usable, the interface is marked "up."

If you specify an optional interface type, you see information only on that specific interface.

If you specify no optional arguments, you see information on all the interfaces.

When an asynchronous interface is encapsulated with PPP or Serial Line Internet Protocol (SLIP), IP fast switching is enabled. Theshow ip interfacecommand on an asynchronous interface that is encapsulated with PPP or SLIP displays a message indicating that IP fast switching is enabled.

Examples

This example shows how to display the usability status for a specific VLAN:

If the interface hardware is usable, the interface is marked "up." For an interface to be usable, both the interface hardware and line protocol must be up.

line protocol is up

If the interface can provide two-way communication, the line protocol is marked "up." For an interface to be usable, both the interface hardware and line protocol must be up.

Internet address and subnet mask

IP address and subnet mask of the interface.

Broadcast address

Broadcast address.

Address determined by...

Status of how the IP address of the interface was determined.

MTU

MTU value that is set on the interface.

Helper address

Helper address, if one has been set.

Secondary address

Secondary address, if one has been set.

Directed broadcast forwarding

Status of directed broadcast forwarding.

Multicast groups joined

Multicast groups to which this interface belongs.

Outgoing access list

Status of whether the interface has an outgoing access list set.

Inbound access list

Status of whether the interface has an incoming access list set.

Proxy ARP

Status of whether Proxy Address Resolution Protocol (ARP) is enabled for the interface.

Security level

IP Security Option (IPSO) security level set for this interface.

Split horizon

Status of split horizon.

ICMP redirects

Status of the redirect messages on this interface.

ICMP unreachables

Status of the unreachable messages on this interface.

ICMP mask replies

Status of the mask replies on this interface.

IP fast switching

Status of whether fast switching has been enabled for this interface. Fast switching is typically enabled on serial interfaces, such as this one.

IP SSE switching

Status of the IP silicon switching engine (SSE).

Router Discovery

Status of the discovery process for this interface. It is typically disabled on serial interfaces.

IP output packet accounting

Status of IP accounting for this interface and the threshold (maximum number of entries).

TCP/IP header compression

Status of compression.

Probe proxy name

Status of whether the HP Probe proxy name replies are generated.

WCCP Redirect outbound is enabled

Status of whether packets that are received on an interface are redirected to a cache engine.

WCCP Redirect exclude is disabled

Status of whether packets that are targeted for an interface are excluded from being redirected to a cache engine.

Netflow Data Export (hardware) is enabled

NDE hardware flow status on the interface.

show ip mfib

To display all active Multicast Forwarding Information Base (MFIB) routes, use the show ip mfib command.

show ip mfib [all | counters | log [n]]

Syntax Description

all

(Optional) Specifies all routes in the MFIB, including those routes that are used to accelerate fast switching but that are not necessarily in the upper-layer routing protocol table.

counters

(Optional) Specifies the counts of MFIB-related events. Only nonzero counters are shown.

log

(Optional) Specifies a log of the most recent number of MFIB-related events. The most recent event is first.

n

(Optional) Number of events.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC mode

Command History

Release

Modification

12.1(8a)EW

Support for this command was introduced on the Catalyst 4500 series switch.

12.2(40)SG

Support for command introduced on the Supervisor Engine 6-E and Catalyst 4900M chassis.

Usage Guidelines

In the Supervisor Engine 6-E and Catalyst 4900M chassis, the output of the show ip mfibcommand does not display any hardware counters.

The MFIB table contains a set of IP multicast routes; each route in the MFIB table contains several flags that associate to the route.

The route flags indicate how a packet that matches a route is forwarded. For example, the IC flag on an MFIB route indicates that some process on the switch needs to receive a copy of the packet. These flags are associated with MFIB routes:

•Internal Copy (IC) flag—Set on a route when a process on the switch needs to receive a copy of all packets matching the specified route.

•Signaling (S) flag—Set on a route when a switch process needs notification that a packet matching the route is received. In the expected behavior, the protocol code updates the MFIB state in response to having received a packet on a signaling interface.

•Connected (C) flag—When set on a route, the C flag has the same meaning as the S flag, except that the C flag indicates that only packets sent by directly connected hosts to the route should be signaled to a protocol process.

A route can also have a set of flags associated with one or more interfaces. For an (S,G) route, the flags on interface 1 indicate how the ingress packets should be treated and whether packets matching the route should be forwarded onto interface 1. These per-interface flags are associated with the MFIB routes:

•Accepting (A)—Set on the RPF interface when a packet that arrives on the interface and that is marked as Accepting (A) is forwarded to all Forwarding (F) interfaces.

•Forwarding (F)—Used with the A flag as described above. The set of forwarding interfaces together form a multicast olist or output interface list.

•Signaling (S)—Set on an interface when a multicast routing protocol process in Cisco IOS needs to be notified of ingress packets on that interface.

•Not Platform (NP) fast-switched—Used with the F flag. A forwarding interface is also marked as Not Platform fast-switched whenever that output interface cannot be fast-switched by the platform hardware and requires software forwarding.

For example, the Catalyst 4506 switch with Supervisor Engine III cannot switch tunnel interfaces in hardware so these interfaces are marked with the NP flag. When an NP interface is associated with a route, a copy of every ingress packet arriving on an Accepting interface is sent to the switch software forwarding path for software replication and then forwarded to the NP interface.

Syntax Description

(Optional) Interface type and number of the slot and port; valid values for interface type arefastethernet, gigabitethernet, tengigabitethernet, null, andvlan.

host_name

(Optional) Name or IP address as defined in the DNS hosts table.

host_addresssource

(Optional) IP address or name of a multicast source.

active

(Optional) Displays the rate that active sources are sending to multicast groups.

kbpsinterface_type num

(Optional) Minimum rate at which active sources are sending to multicast groups; active sources sending at this rate or greater will be displayed. Valid values are from 1 to 4294967295 kbps.

count

(Optional) Displays the route and packet count information.

pruned

(Optional) Displays the pruned routes.

static

(Optional) Displays the static multicast routes.

summary

(Optional) Displays a one-line, abbreviated summary of each entry in the IP multicast routing table.

Defaults

This command has no default settings.

Command Modes

Privileged EXEC mode

Command History

Release

Modification

12.1(8a)EW

Support for this command was introduced on the Catalyst 4500 series switch.

12.2(25)EW

Added support for the 10-Gigabit Ethernet interface.

Usage Guidelines

If you omit all the optional arguments and keywords, theshow ip mroutecommand displays all the entries in the IP multicast routing table.

Theshow ip mroute activekbpscommand displays all the sources sending at a rate greater than or equal tokbps.

The multicast routing table is populated by creating source, group (S,G) entries from star, group (*,G) entries. The star refers to all source addresses, the "S" refers to a single source address, and the "G" refers to the destination multicast group address. In creating (S,G) entries, the software uses the best path to that destination group found in the unicast routing table (through Reverse Path Forwarding (RPF).

Examples

This example shows how to display all the entries in the IP multicast routing table:

Switch# show ip mroute

IP Multicast Routing Table

Flags:D - Dense, S - Sparse, s - SSM Group, C - Connected, L - Local,

P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set,

J - Join SPT, M - MSDP created entry, X - Proxy Join Timer Running

A - Advertised via MSDP, U - URD, I - Received Source Specific Host

Report

Outgoing interface flags:H - Hardware switched

Timers:Uptime/Expires

Interface state:Interface, Next-Hop or VCD, State/Mode

(*, 230.13.13.1), 00:16:41/00:00:00, RP 10.15.1.20, flags:SJC

Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20

Outgoing interface list:

GigabitEthernet4/9, Forward/Sparse-Dense, 00:16:41/00:00:00, H

(*, 230.13.13.2), 00:16:41/00:00:00, RP 10.15.1.20, flags:SJC

Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD

Outgoing interface list:

GigabitEthernet4/9, Forward/Sparse-Dense, 00:16:41/00:00:00, H

(10.20.1.15, 230.13.13.1), 00:14:31/00:01:40, flags:CJT

Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD

Outgoing interface list:

GigabitEthernet4/9, Forward/Sparse-Dense, 00:14:31/00:00:00, H

(132.206.72.28, 224.2.136.89), 00:14:31/00:01:40, flags:CJT

Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD

Outgoing interface list:Null

Switch#

This example shows how to display the rate that the active sources are sending to the multicast groups and to display only the active sources that are sending at greater than the default rate:

Switch# show ip mroute active

Active IP Multicast Sources - sending > = 4 kbps

Group: 224.2.127.254, (sdr.cisco.com)

Source: 146.137.28.69 (mbone.ipd.anl.gov)

Rate: 1 pps/4 kbps(1sec), 4 kbps(last 1 secs), 4 kbps(life avg)

Group: 224.2.201.241, ACM 97

Source: 130.129.52.160 (webcast3-e1.acm97.interop.net)

Rate: 9 pps/93 kbps(1sec), 145 kbps(last 20 secs), 85 kbps(life avg)

Group: 224.2.207.215, ACM 97

Source: 130.129.52.160 (webcast3-e1.acm97.interop.net)

Rate: 3 pps/31 kbps(1sec), 63 kbps(last 19 secs), 65 kbps(life avg)

Switch#

This example shows how to display route and packet count information:

Switch# show ip mroute count

IP Multicast Statistics

56 routes using 28552 bytes of memory

13 groups, 3.30 average sources per group

Forwarding Counts:Pkt Count/Pkts per second/Avg Pkt Size/Kilobits per second

Member of the multicast group is present on the directly connected interface.

L - Local

Switch is a member of the multicast group.

P - Pruned

Route has been pruned. This information is retained in case a downstream member wants to join the source.

R - Rp-bit set

Status of the (S,G) entry; is the (S,G) entry pointing toward the RP. The R - Rp-bit set is typically a prune state along the shared tree for a particular source.

F - Register flag

Status of the software; indicates if the software is registered for a multicast source.

T - SPT-bit set

Status of the packets; indicates if the packets been received on the shortest path source tree.

J - Join SPT

For (*, G) entries, indicates that the rate of traffic flowing down the shared tree is exceeding the SPT-Threshold set for the group. (The default SPT-Threshold setting is 0 kbps.) When the J - Join SPT flag is set, the next (S,G) packet received down the shared tree triggers an (S,G) join in the direction of the source causing the switch to join the source tree.

For (S, G) entries, indicates that the entry was created because the SPT-Threshold for the group was exceeded. When the J - Join SPT flag is set for (S,G) entries, the switch monitors the traffic rate on the source tree and attempts to switch back to the shared tree for this source if the traffic rate on the source tree falls below the group's SPT-Threshold for more than one minute.

The switch measures the traffic rate on the shared tree and compares the measured rate to the group's SPT-Threshold once every second. If the traffic rate exceeds the SPT-Threshold, the J- Join SPT flag is set on the (*, G) entry until the next measurement of the traffic rate. The flag is cleared when the next packet arrives on the shared tree and a new measurement interval is started.

If the default SPT-Threshold value of 0 Kbps is used for the group, the J- Join SPT flag is always set on (*, G) entries and is never cleared. When the default SPT-Threshold value is used, the switch immediately switches to the shortest-path tree when traffic from a new source is received.

Outgoing interface flag:

Information about the outgoing entry.

H - Hardware switched

Entry is hardware switched.

Timer:

Uptime/Expires.

Interface state:

Interface, Next-Hop or VCD, State/Mode.

(*, 224.0.255.1)(198.92.37.100/32, 224.0.255.1)

Entry in the IP multicast routing table. The entry consists of the IP address of the source switch followed by the IP address of the multicast group. An asterisk (*) in place of the source switch indicates all sources.

Entries in the first format are referred to as (*,G) or "star comma G" entries. Entries in the second format are referred to as (S,G) or "S comma G" entries. (*,G) entries are used to build (S,G) entries.

uptime

How long (in hours, minutes, and seconds) the entry has been in the IP multicast routing table.

expires

How long (in hours, minutes, and seconds) until the entry is removed from the IP multicast routing table on the outgoing interface.

RP

Address of the RP switch. For switches and access servers operating in sparse mode, this address is always 0.0.0.0.

flags:

Information about the entry.

Incoming interface

Expected interface for a multicast packet from the source. If the packet is not received on this interface, it is discarded.

RPF neighbor

IP address of the upstream switch to the source. "Tunneling" indicates that this switch is sending data to the RP encapsulated in Register packets. The hexadecimal number in parentheses indicates to which RP it is registering. Each bit indicates a different RP if multiple RPs per group are used.

DVMRP or Mroute

Status of whether the RPF information is obtained from the DVMRP routing table or the static mroutes configuration.

Outgoing interface list

Interfaces through which packets are forwarded. When theippimnbma-modecommand is enabled on the interface, the IP address of the PIM neighbor is also displayed.

Ethernet0

Name and number of the outgoing interface.

Next hop or VCD

Next hop specifies downstream neighbor's IP address. VCD specifies the virtual circuit descriptor number. VCD0 indicates that the group is using the static-map virtual circuit.

Forward/Dense

Status of the packets; indicates if they are they forwarded on the interface if there are no restrictions due to access lists or the TTL threshold. Following the slash (/), mode in which the interface is operating (dense or sparse).

Forward/Sparse

Sparse mode interface is in forward mode.

time/time(uptime/expiration time)

Per interface, how long (in hours, minutes, and seconds) the entry has been in the IP multicast routing table. Following the slash (/), how long (in hours, minutes, and seconds) until the entry is removed from the IP multicast routing table.

Related Commands

Command

Description

ip multicast-routing (refer to Cisco IOS documentation)

Enables IP multicast routing.

ip pim (refer to Cisco IOS documentation)

Enables Protocol Independent Multicast (PIM) on an interface.

show ip source binding

To display IP source bindings that are configured on the system, use the show ip source bindingEXECcommand.

Note The second entry shows that a default PVACL (deny all IP traffic) is installed on the port for those snooping-enabled VLANs that do not have a valid IP source binding.

•This output appears when you enter the show ip verify source interface fa6/2 command and DHCP snooping is enabled on VLANs 10-20, interface fa6/1 has IP source filter mode that is configured as IP, and there is an existing IP address binding 10.0.0.1 on VLAN 10:

•This output appears when you enter the show ip verify source interface fa6/4 command and the interface fa6/4 has an IP source filter mode that is configured as IP MAC and the existing IP MAC that binds 10.0.0.2/aaaa.bbbb.cccc on VLAN 10 and 11.0.0.1/aaaa.bbbb.cccd on VLAN 11:

•This output appears when you enter the show ip verify source interface fa6/5 command and the interface fa6/5 has IP source filter mode that is configured as IP MAC and existing IP MAC binding 10.0.0.3/aaaa.bbbb.ccce on VLAN 10, but port security is not enabled on fa6/5:

Syntax Description

service-number

(Optional) Identification number of the web cache service group being controlled by the cache. The number can be from 0 to 254. For web caches using Cisco cache engines, the reverse proxy service is indicated by a value of 99.

interfaces

(Optional) WCCP redirect interfaces.

cef

(Optional) CEF interface statistics, including the number of input, output, dynamic, static, and multicast services.

counts

(Optional) WCCP interface count statistics, including the number of CEF and process-switched output and input packets redirected.

detail

(Optional) WCCP interface configuration statistics, including the number of input, output, dynamic, static, and multicast services.

web-cache

(Optional) Statistics for the web cache service.

view

(Optional) Other members of a particular service group, have or have not been detected.

The number of clients that are visible to the router and other clients in the service group.

Number of Service Group Routers

The number of routers in the service group.

Total Packets s/w Redirected

Total number of packets s/w redirected by the router.

Redirect Access-list

The name or number of the access list that determines which packets will be redirected.

Total Packets Denied Redirect

Total number of packets that were not redirected because they did not match the access list.

Total Packets Unassigned

Number of packets that were not redirected because they were not assigned to any cache engine. Packets may not be assigned during initial discovery of cache engines or when a cache is dropped from a cluster.

Group Access-list

Indicates which cache engine is allowed to connect to the router.

Total Messages Denied to Group

Indicates the number of packets denied by the group-list access list.

Total Authentication failures

The number of instances where a password did not match.

Total Bypassed Packets Received

The number of packets that have been bypassed. Process, fast, and Cisco Express Forwarding (CEF) are switching paths within Cisco IOS software.

show ip wccp service-number view

The following is sample output from the show ip wccpservice-number view command for service group 1:

Switch# show ip wccp 1 view

WCCP Router Informed of:

10.168.88.10

10.168.88.20

WCCP Cache Engines Visible

10.168.88.11

10.168.88.12

WCCP Cache Engines Not Visible:

-none-

Note The number of maximum service groups that can be configured is 256.

If any web cache is displayed under the WCCP Cache Engines Not Visible field, the router needs to be reconfigured to map the web cache that is not visible to it.

The name or number of the access list that determines which packets will be redirected.

Total Packets Denied Redirect

Total number of packets that were not redirected because they did not match the access list.

Total Packets Unassigned

Number of packets that were not redirected because they were not assigned to any cache engine. Packets may not be assigned during initial discovery of cache engines or when a cache is dropped from a cluster.

show ipv6 mld snooping querier

To display IP version 6 (IPv6) Multicast Listener Discovery (MLD) snooping querier-related information most recently received by the switch or the VLAN, use the show ipv6 mld snooping querier command.

show ipv6 mld snoopingquerier [vlan vlan-id]

Syntax Description

vlan vlan-id

(Optional) Specifiesa VLAN; the range is 1 to 1001 and 1006 to 4094.

Command Modes

User EXEC mode

Command History

Release

Modification

12.2(40)SG

This command was introduced on the Catalyst 4500.

Usage Guidelines

Use the show ipv6 mld snooping querier command to display the MLD version and IPv6 address of a detected device that sends MLD query messages, which is also called a querier. A subnet can have multiple multicast switches but has only one MLD querier. The querier can be a Layer 3 switch.

The show ipv6 mld snooping querier command output also shows the VLAN and interface on which the querier was detected. If the querier is the switch, the output shows the Port field as Router. If the querier is a router, the output shows the port number on which the querier is learned in the Port field.

The output of the show ipv6 mld snoop querier vlan command displays the information received in response to a query message from an external or internal querier. It does not display user-configured VLAN values, such as the snooping robustness variable on the particular VLAN. This querier information is used only on the MASQ message that is sent by the switch. It does not override the user-configured robustness variable that is used for aging out a member that does not respond to query messages.

VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in MLD snooping.

Examples

This is an example of output from the show ipv6 mld snooping querier command:

Switch> show ipv6 mld snooping querier

Vlan IP Address MLD Version Port

-------------------------------------------------------------

2 FE80::201:C9FF:FE40:6000 v1 Gi3/0/1

This is an example of output from the show ipv6 mld snooping querier vlan command:

show issu capability

To display the ISSU capability for a client, use the show issu capability command.

show issu capability {entries | groups | types} [client_id]

Syntax Description

entries

Displays a list of Capability Types and Dependent Capability Types that are included in a single Capability Entry. Types within an entry can also be independent.

groups

Displays a list of Capability Entries in priority order (the order that they will be negotiated on a session).

types

Displays an ID that identifies a particular capability.

client_id

(Optional) Identifies the client registered to the ISSU infrastructure.

To obtain a list of client IDs, use the show issu clients command.

Defaults

This command has no default settings.

Command Modes

User EXEC mode

Command History

Release

Modification

12.2(31)SGA

This command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Capability is a functionality that an ISSU client can support and is required to interoperate with peers.

When an ISSU-aware client establishes its session with the peer, an ISSU negotiation takes place. The ISSU infrastructure uses the registered information to negotiate the capabilities and the message version to be used during the session.

Examples

The following example shows how to display the ISSU capability types for the IP host ISSU client (clientid=2082):

Switch# show issu capability types 2082

Client_ID = 2082, Entity_ID = 1 :

Cap_Type = 0

Switch#

The following example shows how to display the ISSU capabilities entries for the IP host ISSU client (clientid=2082):

Switch# show issu capability entries 2082

Client_ID = 2082, Entity_ID = 1 :

Cap_Entry = 1 :

Cap_Type = 0

Switch#

The following example shows how to display the ISSU capabilities groups for the IP host ISSU client (clientid=2082):

Related Commands

show issu comp-matrix

To display information regarding the In Service Software Upgrade (ISSU) compatibility matrix, use the show issu comp-matrixcommand.

show issu comp-matrix {negotiated | stored | xml}

Syntax Description

negotiated

Displays negotiated compatibility matrix information.

stored

Displays stored compatibility matrix information.

xml

Displays negotiated compatibility matrix information in XML format.

Defaults

This command has no default settings.

Command Modes

User EXEC mode

Command History

Release

Modification

12.2(31)SGA

This command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Before attempting an ISSU, you should know the compatibility level between the old and the new Cisco IOS software versions on the active and the standby supervisor engines. ISSU will not work if the two versions are incompatible.

The compatibility matrix is available on Cisco.com so that you can also veiw in advance whether an upgrade can be performed with the ISSU process. The compatibility matrix during the ISSU process and later by entering the show issu comp-matrix command. To display information on the negotiation of the compatibility matrix data between two software versions on a given system, use the show issu comp-matrixnegotiated command.

The compatibility matrix information are built-in any Cisco IOS ISSU image. The ISSU infrastructure performs a matrix lookup as soon as the communication with the standby supervisor engine is established. There are three possible results from the lookup operation:

•Compatible—The Base-level system infrastructure and all optional HA-aware subsystems are compatible. In-service upgrade or downgrade between these versions will succeed with minimal service impact.

•Base-Level Compatible—One or more of the optional HA-aware subsystems are not compatible. Although an in-service upgrade or downgrade between these versions will succeed, some subsystems will not be able to maintain their state during the switchover. Prior to attempting an in-service upgrade or downgrade, the impact of this on operation and service of the switch must be considered carefully.

•Incompatible—A set of core system infrastructure must be able to execute in a stateful manner for SSO to function correctly. If any of these "required" features or subsystems is not compatible in two different Cisco IOS images, the two versions of the Cisco IOS images are declared "Incompatible". This means that an in-service upgrade or downgrade between these versions is not possible. The systems operates in RPR mode during the period when the versions of Cisco IOS at the active and standby supervisor engines differ.

Related Commands

show issu endpoints

To display the ISSU endpoint information, use the show issu endpoints command.

show issu endpoints

Syntax Description

This command has no arguments or keywords

Defaults

This command has no default settings.

Command Modes

User EXEC mode

Command History

Release

Modification

12.2(31)SGA

This command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Endpoint is an execution unit within a redundancy domain. There are only 2 endpoints on the Catalyst 4500 series switch redundant chassis: 1 and 2. The endpoints correspond to the slot numbers for the supervisor engine. The ISSU infrastructure communicates between these two endpoints to establish session and to perform session negotiation for ISSU clients.

Related Commands

show issu message

To display checkpoint messages for a specified ISSU client, use the show issu message command.

show issu message {groups | types} [client_id]

Syntax Description

groups

Displays information on Message Group supported by the specified client.

types

Displays information on all Message Types supported by the specified client.

client_id

(Optional) Specifies a client ID.

Defaults

If client ID is not specified, displays message groups or message types information for all clients registered to the ISSU infrastructure.

Command Modes

User EXEC mode

Command History

Release

Modification

12.2(31)SGA

This command was introduced on the Catalyst 4500 series switch.

Usage Guidelines

Messages are sync-data (also known as checkpoint data) sent between two endpoints.

When an ISSU-aware client establishes its session with a peer, an ISSU negotiation takes place. The ISSU infrastructure uses the registered information to negotiate the capabilities and the message version to be used during the session.

Examples

The following example shows how to display the message groups for Client_id 2082:

Switch#show issu message groups 2082

Client_ID = 2082, Entity_ID = 1 :

Message_Group = 1 :

Message_Type = 1, Version_Range = 1 ~ 2

Message_Type = 2, Version_Range = 1 ~ 2

Switch#

The following example shows how to display the message types for Client_id 2082: